Nginx Conf
Hi,
we’ve enabled Falcon Engine without seeing any real improvement; actually, from a benchmark test on the homepage, the results were worse when activated:
– w/Wordfence: 5.386s
– without/Wordfence: 4.674s

When installed, we followed the instructions provided by Wordfence support, which said to add the following, but we always got an error when trying to restart nginx:
```nginx
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time status $status bytes $body_bytes_sent';

    #Uncomment to debug rewrite rules
    #rewrite_log on;

    server {
        listen 80;
        server_name test1.com;
        access_log logs/test1.access.log main;

        #Uncomment to debug rewrite rules
        #error_log logs/rewrite.log notice;

        root /usr/local/test1;
        index index.php;

        # WORDFENCE FALCON ENGINE CODE
        #Match on gzip first because ordering matters.
        location ~ "/site/wp-content/wfcache/.*gzip$" {
            gzip off;
            types {}
            default_type text/html;
            add_header Vary "Accept-Encoding, Cookie";
            add_header Content-Encoding gzip;
        }
        #If the previous matched, the following location won't be executed.
        location ~ /site/wp-content/wfcache/.* {
            add_header Vary "Accept-Encoding, Cookie";
        }
        set $wordfenceCacheOn 1;

        #Don't cache form submissions.
        if ($request_method = POST) {
            set $wordfenceCacheOn 0;
        }

        #Allow caching of /?123=123 because this is a common DDoS to override caches.
        if ($query_string !~ "^(?:\d+=\d+)?$") {
            set $wordfenceCacheOn 0;
        }

        #Only cache URL's ending in /
        if ($request_uri !~ /$) {
            set $wordfenceCacheOn 0;
        }

        #Don't cache any cookies with this in their names e.g. users who are logged in.
        if ($http_cookie ~* "(comment_author|wp-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher)") {
            set $wordfenceCacheOn 0;
        }

        set $wordfenceEncoding "";
        #Oh, you want gzipped content?
        if ($http_accept_encoding ~ gzip) {
            set $wordfenceEncoding _gzip;
        }

        set $wordfenceHTTPS "";
        if ($scheme = 'https'){
            #If you want to ENABLE HTTPS caching, comment out the next line.
            set $wordfenceCacheOn 0; #Comment this line out to enable HTTPS caching.
            set $wordfenceHTTPS '_https'; #Uncomment this line to enable HTTPS caching.
        }

        #The main purpose of this line is to capture the URL components into variables.
        if ($request_uri !~ "^/*(?<wfone>[^/]*)/*(?<wftwo>[^/]*)/*(?<wfthree>[^/]*)/*(?<wffour>[^/]*)/*(?<wffive>[^/]*)(?<wfsix>.*)$"){
            set $wordfenceCacheOn 0;
        }

        #If the file doesn't exist then don't serve from cache.
        if (!-f "$document_root/site/wp-content/wfcache/${http_host}_${wfone}/${wftwo}~${wfthree}~${wffour}~${wffive}~${wfsix}_wfcache${wordfenceHTTPS}.html${wordfenceEncoding}") {
            set $wordfenceCacheOn 0;
        }

        if ($wordfenceCacheOn = 1) {
            rewrite .* "/site/wp-content/wfcache/${http_host}_${wfone}/${wftwo}~${wfthree}~${wffour}~${wffive}~${wfsix}_wfcache${wordfenceHTTPS}.html${wordfenceEncoding}" last;
        }
        # END Wordfence Rules

        location / {
            try_files $uri $uri/ /index.php?$args ;
        }

        location ~ \.php$ {
            try_files $uri /index.php;
            include fastcgi_params;
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
        }
    }
}
```

Then we followed the advice from a forum user and created a `wf.conf` file inside the `conf.d` directory, adding just the following code and including the file in the `nginx.conf` file:

```nginx
server {
    # WORDFENCE FALCON ENGINE CODE
    #Match on gzip first because ordering matters.
    location ~ "/site/wp-content/wfcache/.*gzip$" {
        gzip off;
        types {}
        default_type text/html;
        add_header Vary "Accept-Encoding, Cookie";
        add_header Content-Encoding gzip;
    }
    #If the previous matched, the following location won't be executed.
    location ~ /site/wp-content/wfcache/.* {
        add_header Vary "Accept-Encoding, Cookie";
    }
    set $wordfenceCacheOn 1;

    #Don't cache form submissions.
    if ($request_method = POST) {
        set $wordfenceCacheOn 0;
    }

    #Allow caching of /?123=123 because this is a common DDoS to override caches.
    if ($query_string !~ "^(?:\d+=\d+)?$") {
        set $wordfenceCacheOn 0;
    }

    #Only cache URL's ending in /
    if ($request_uri !~ /$) {
        set $wordfenceCacheOn 0;
    }

    #Don't cache any cookies with this in their names e.g. users who are logged in.
    if ($http_cookie ~* "(comment_author|wp-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher)") {
        set $wordfenceCacheOn 0;
    }

    set $wordfenceEncoding "";
    #Oh, you want gzipped content?
    if ($http_accept_encoding ~ gzip) {
        set $wordfenceEncoding _gzip;
    }

    set $wordfenceHTTPS "";
    if ($scheme = 'https'){
        #If you want to ENABLE HTTPS caching, comment out the next line.
        set $wordfenceCacheOn 0; #Comment this line out to enable HTTPS caching.
        set $wordfenceHTTPS '_https'; #Uncomment this line to enable HTTPS caching.
    }

    #The main purpose of this line is to capture the URL components into variables.
    if ($request_uri !~ "^/*(?<wfone>[^/]*)/*(?<wftwo>[^/]*)/*(?<wfthree>[^/]*)/*(?<wffour>[^/]*)/*(?<wffive>[^/]*)(?<wfsix>.*)$"){
        set $wordfenceCacheOn 0;
    }

    #If the file doesn't exist then don't serve from cache.
    if (!-f "$document_root/site/wp-content/wfcache/${http_host}_${wfone}/${wftwo}~${wfthree}~${wffour}~${wffive}~${wfsix}_wfcache${wordfenceHTTPS}.html${wordfenceEncoding}") {
        set $wordfenceCacheOn 0;
    }

    if ($wordfenceCacheOn = 1) {
        rewrite .* "/site/wp-content/wfcache/${http_host}_${wfone}/${wftwo}~${wfthree}~${wffour}~${wffive}~${wfsix}_wfcache${wordfenceHTTPS}.html${wordfenceEncoding}" last;
    }
    # END Wordfence Rules
}
```

We then had no problem restarting the service and managed to activate Falcon Engine. However, we didn’t notice any improvement, and when trying to load the server through loader.io the test failed after 15 with settings of just 100 connections in 1 minute. Is there a bad configuration? Thanks in advance
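Added example, not part of the original post and not Wordfence's code: a Python model of the rewrite rules quoted above that reports which cache file nginx would look for on a request, or which rule switches the cache off. The function name, the `https_caching` switch and the sample requests are assumptions made for illustration.

```python
import re

# Patterns taken from the Falcon Engine rules quoted in the post.
QUERY_OK = re.compile(r"^(?:\d+=\d+)?$", re.ASCII)
NO_CACHE_COOKIES = re.compile(
    r"(comment_author|wp-postpass|wf_logout|wordpress_logged_in"
    r"|wptouch_switch_toggle|wpmp_switcher)", re.IGNORECASE)
URI_PARTS = re.compile(
    r"^/*(?P<wfone>[^/]*)/*(?P<wftwo>[^/]*)/*(?P<wfthree>[^/]*)"
    r"/*(?P<wffour>[^/]*)/*(?P<wffive>[^/]*)(?P<wfsix>.*)$")
CACHE_DIR = "/site/wp-content/wfcache"  # prefix used in the quoted rules


def falcon_cache_path(method, host, request_uri, scheme="http",
                      accept_encoding="", cookie="", https_caching=False):
    """Return (path, None) if the rules would rewrite to a cache file,
    else (None, reason). nginx also requires the file to exist on disk."""
    # $request_uri is the raw URI *including* the query string.
    query = request_uri.partition("?")[2]
    if method == "POST":
        return None, "POST"
    if not QUERY_OK.search(query):
        return None, "query string"
    if not request_uri.endswith("/"):
        return None, "request_uri does not end in /"
    if NO_CACHE_COOKIES.search(cookie):
        return None, "cookie"
    https = ""
    if scheme == "https":
        if not https_caching:  # hypothetical switch: models editing the https block
            return None, "https"
        https = "_https"
    encoding = "_gzip" if "gzip" in accept_encoding else ""
    m = URI_PARTS.search(request_uri)
    if m is None:
        return None, "uri pattern"
    p = m.groupdict()
    return (f"{CACHE_DIR}/{host}_{p['wfone']}/{p['wftwo']}~{p['wfthree']}"
            f"~{p['wffour']}~{p['wffive']}~{p['wfsix']}_wfcache{https}.html{encoding}"), None


# Constructed sample requests (not taken from the post).
if __name__ == "__main__":
    for uri in ("/", "/blog/2014/post/", "/?123=123", "/about"):
        print(uri, "->", falcon_cache_path("GET", "test1.com", uri,
                                           accept_encoding="gzip"))
```

Comparing the returned path with the files actually present under the site's `wfcache` directory shows whether a benchmark request can be served from the cache at all.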